using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Options;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Configuration;
using Umbraco.Cms.Core.Configuration.Models;
using Umbraco.Cms.Core.Features;
using Umbraco.Cms.Core.Hosting;
using Umbraco.Cms.Core.Mail;
using Umbraco.Cms.Core.Media;
using Umbraco.Cms.Core.Models.ContentEditing;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Trees;
using Umbraco.Cms.Core.WebAssets;
using Umbraco.Cms.Web.BackOffice.HealthChecks;
using Umbraco.Cms.Web.BackOffice.Profiling;
using Umbraco.Cms.Web.BackOffice.PropertyEditors;
using Umbraco.Cms.Web.BackOffice.Routing;
using Umbraco.Cms.Web.BackOffice.Security;
using Umbraco.Cms.Web.BackOffice.Trees;
using Umbraco.Cms.Web.Common.Attributes;
using Umbraco.Extensions;
using Constants = Umbraco.Cms.Core.Constants;
namespace Umbraco.Cms.Web.BackOffice.Controllers
{
///
/// Used to collect the server variables for use in the back office angular app
///
public class BackOfficeServerVariables
{
private readonly LinkGenerator _linkGenerator;
private readonly IRuntimeState _runtimeState;
private readonly UmbracoFeatures _features;
private readonly GlobalSettings _globalSettings;
private readonly IUmbracoVersion _umbracoVersion;
private readonly ContentSettings _contentSettings;
private readonly TreeCollection _treeCollection;
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly IHostingEnvironment _hostingEnvironment;
private readonly RuntimeSettings _runtimeSettings;
private readonly SecuritySettings _securitySettings;
private readonly IRuntimeMinifier _runtimeMinifier;
private readonly IBackOfficeExternalLoginProviders _externalLogins;
private readonly IImageUrlGenerator _imageUrlGenerator;
private readonly PreviewRoutes _previewRoutes;
private readonly IEmailSender _emailSender;
private readonly MemberPasswordConfigurationSettings _memberPasswordConfigurationSettings;
public BackOfficeServerVariables(
LinkGenerator linkGenerator,
IRuntimeState runtimeState,
UmbracoFeatures features,
IOptions globalSettings,
IUmbracoVersion umbracoVersion,
IOptions contentSettings,
IHttpContextAccessor httpContextAccessor,
TreeCollection treeCollection,
IHostingEnvironment hostingEnvironment,
IOptions runtimeSettings,
IOptions securitySettings,
IRuntimeMinifier runtimeMinifier,
IBackOfficeExternalLoginProviders externalLogins,
IImageUrlGenerator imageUrlGenerator,
PreviewRoutes previewRoutes,
IEmailSender emailSender,
IOptions memberPasswordConfigurationSettings)
{
_linkGenerator = linkGenerator;
_runtimeState = runtimeState;
_features = features;
_globalSettings = globalSettings.Value;
_umbracoVersion = umbracoVersion;
_contentSettings = contentSettings.Value ?? throw new ArgumentNullException(nameof(contentSettings));
_httpContextAccessor = httpContextAccessor;
_treeCollection = treeCollection ?? throw new ArgumentNullException(nameof(treeCollection));
_hostingEnvironment = hostingEnvironment;
_runtimeSettings = runtimeSettings.Value;
_securitySettings = securitySettings.Value;
_runtimeMinifier = runtimeMinifier;
_externalLogins = externalLogins;
_imageUrlGenerator = imageUrlGenerator;
_previewRoutes = previewRoutes;
_emailSender = emailSender;
_memberPasswordConfigurationSettings = memberPasswordConfigurationSettings.Value;
}
///
/// Returns the server variables for non-authenticated users
///
///
internal async Task> BareMinimumServerVariablesAsync()
{
//this is the filter for the keys that we'll keep based on the full version of the server vars
var keepOnlyKeys = new Dictionary
{
{"umbracoUrls", new[] {"authenticationApiBaseUrl", "serverVarsJs", "externalLoginsUrl", "currentUserApiBaseUrl", "previewHubUrl", "iconApiBaseUrl"}},
{"umbracoSettings", new[] {"allowPasswordReset", "imageFileTypes", "maxFileSize", "loginBackgroundImage", "loginLogoImage", "canSendRequiredEmail", "usernameIsEmail", "minimumPasswordLength", "minimumPasswordNonAlphaNum", "hideBackofficeLogo", "disableDeleteWhenReferenced", "disableUnpublishWhenReferenced"}},
{"application", new[] {"applicationPath", "cacheBuster"}},
{"isDebuggingEnabled", new string[] { }},
{"features", new [] {"disabledFeatures"}}
};
//now do the filtering...
var defaults = await GetServerVariablesAsync();
foreach (var key in defaults.Keys.ToArray())
{
if (keepOnlyKeys.ContainsKey(key) == false)
{
defaults.Remove(key);
}
else
{
if (defaults[key] is System.Collections.IDictionary asDictionary)
{
var toKeep = keepOnlyKeys[key];
foreach (var k in asDictionary.Keys.Cast().ToArray())
{
if (toKeep.Contains(k) == false)
{
asDictionary.Remove(k);
}
}
}
}
}
// TODO: This is ultra confusing! this same key is used for different things, when returning the full app when authenticated it is this URL but when not auth'd it's actually the ServerVariables address
// so based on compat and how things are currently working we need to replace the serverVarsJs one
((Dictionary)defaults["umbracoUrls"])["serverVarsJs"]
= _linkGenerator.GetPathByAction(
nameof(BackOfficeController.ServerVariables),
ControllerExtensions.GetControllerName(),
new { area = Constants.Web.Mvc.BackOfficeArea });
return defaults;
}
///
/// Returns the server variables for authenticated users
///
///
internal async Task> GetServerVariablesAsync()
{
var globalSettings = _globalSettings;
var backOfficeControllerName = ControllerExtensions.GetControllerName();
var defaultVals = new Dictionary
{
{
"umbracoUrls", new Dictionary
{
// TODO: Add 'umbracoApiControllerBaseUrl' which people can use in JS
// to prepend their URL. We could then also use this in our own resources instead of
// having each URL defined here explicitly - we can do that in v8! for now
// for umbraco services we'll stick to explicitly defining the endpoints.
{"externalLoginsUrl", _linkGenerator.GetPathByAction(nameof(BackOfficeController.ExternalLogin), backOfficeControllerName, new { area = Constants.Web.Mvc.BackOfficeArea })},
{"externalLinkLoginsUrl", _linkGenerator.GetPathByAction(nameof(BackOfficeController.LinkLogin), backOfficeControllerName, new { area = Constants.Web.Mvc.BackOfficeArea })},
{"gridConfig", _linkGenerator.GetPathByAction(nameof(BackOfficeController.GetGridConfig), backOfficeControllerName, new { area = Constants.Web.Mvc.BackOfficeArea })},
// TODO: This is ultra confusing! this same key is used for different things, when returning the full app when authenticated it is this URL but when not auth'd it's actually the ServerVariables address
{"serverVarsJs", _linkGenerator.GetPathByAction(nameof(BackOfficeController.Application), backOfficeControllerName, new { area = Constants.Web.Mvc.BackOfficeArea })},
//API URLs
{
"packagesRestApiBaseUrl", Constants.PackageRepository.RestApiBaseUrl
},
{
"redirectUrlManagementApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetEnableState())
},
{
"tourApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetTours())
},
{
"embedApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetEmbed("", 0, 0))
},
{
"userApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.PostSaveUser(null))
},
{
"userGroupsApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.PostSaveUserGroup(null))
},
{
"contentApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.PostSave(null))
},
{
"publicAccessApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetPublicAccess(0))
},
{
"mediaApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetRootMedia())
},
{
"iconApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetIcon(""))
},
{
"imagesApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetBigThumbnail(""))
},
{
"sectionApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetSections())
},
{
"treeApplicationApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetApplicationTrees(null, null, null, TreeUse.None))
},
{
"contentTypeApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetAllowedChildren(0))
},
{
"mediaTypeApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetAllowedChildren(0))
},
{
"macroRenderingApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetMacroParameters(0))
},
{
"macroApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.Create(null))
},
{
"authenticationApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.PostLogin(null))
},
{
"twoFactorLoginApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.SetupInfo(null))
},
{
"currentUserApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.PostChangePassword(null))
},
{
"entityApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetById(0, UmbracoEntityTypes.Media))
},
{
"dataTypeApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetById(0))
},
{
"dashboardApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetDashboard(null))
},
{
"logApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetPagedEntityLog(0, 0, 0, Direction.Ascending, null))
},
{
"memberApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetByKey(Guid.Empty))
},
{
"packageApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetCreatedPackages())
},
{
"relationApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetById(0))
},
{
"rteApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetConfiguration())
},
{
"stylesheetApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetAll())
},
{
"memberTypeApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetAllTypes())
},
{
"memberTypeQueryApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetAllTypes())
},
{
"memberGroupApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetAllGroups())
},
{
"updateCheckApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetCheck())
},
{
"templateApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetById(0))
},
{
"memberTreeBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetNodes("-1", null))
},
{
"mediaTreeBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetNodes("-1", null))
},
{
"contentTreeBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetNodes("-1", null))
},
{
"tagsDataBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetTags("", "", null))
},
{
"examineMgmtBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetIndexerDetails())
},
{
"healthCheckBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetAllHealthChecks())
},
{
"templateQueryApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.PostTemplateQuery(null))
},
{
"codeFileApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetByPath("", ""))
},
{
"publishedStatusBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetPublishedStatusUrl())
},
{
"dictionaryApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.DeleteById(int.MaxValue))
},
{
"publishedSnapshotCacheStatusBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetStatus())
},
{
"helpApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetContextHelpForPage("","",""))
},
{
"backOfficeAssetsApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetSupportedLocales())
},
{
"languageApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetAllLanguages())
},
{
"relationTypeApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetById(1))
},
{
"logViewerApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetNumberOfErrors(null, null))
},
{
"webProfilingBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetStatus())
},
{
"tinyMceApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.UploadImage(null))
},
{
"imageUrlGeneratorApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetCropUrl(null, null, null, null))
},
{
"elementTypeApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetAll())
},
{
"previewHubUrl", _previewRoutes.GetPreviewHubRoute()
},
{
"trackedReferencesApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl(
controller => controller.GetPagedReferences(0, 1, 1, false))
}
}
},
{
"umbracoSettings", new Dictionary
{
{"umbracoPath", _globalSettings.GetBackOfficePath(_hostingEnvironment)},
{"mediaPath", _hostingEnvironment.ToAbsolute(globalSettings.UmbracoMediaPath).TrimEnd(Constants.CharArrays.ForwardSlash)},
{"appPluginsPath", _hostingEnvironment.ToAbsolute(Constants.SystemDirectories.AppPlugins).TrimEnd(Constants.CharArrays.ForwardSlash)},
{
"imageFileTypes",
string.Join(",", _imageUrlGenerator.SupportedImageFileTypes)
},
{
"disallowedUploadFiles",
string.Join(",", _contentSettings.DisallowedUploadFiles)
},
{
"allowedUploadFiles",
string.Join(",", _contentSettings.AllowedUploadFiles)
},
{
"maxFileSize",
GetMaxRequestLength()
},
{"keepUserLoggedIn", _securitySettings.KeepUserLoggedIn},
{"usernameIsEmail", _securitySettings.UsernameIsEmail},
{"cssPath", _hostingEnvironment.ToAbsolute(globalSettings.UmbracoCssPath).TrimEnd(Constants.CharArrays.ForwardSlash)},
{"allowPasswordReset", _securitySettings.AllowPasswordReset},
{"loginBackgroundImage", _contentSettings.LoginBackgroundImage},
{"loginLogoImage", _contentSettings.LoginLogoImage },
{"hideBackofficeLogo", _contentSettings.HideBackOfficeLogo },
{"disableDeleteWhenReferenced", _contentSettings.DisableDeleteWhenReferenced },
{"disableUnpublishWhenReferenced", _contentSettings.DisableUnpublishWhenReferenced },
{"showUserInvite", _emailSender.CanSendRequiredEmail()},
{"canSendRequiredEmail", _emailSender.CanSendRequiredEmail()},
{"showAllowSegmentationForDocumentTypes", false},
{"minimumPasswordLength", _memberPasswordConfigurationSettings.RequiredLength},
{"minimumPasswordNonAlphaNum", _memberPasswordConfigurationSettings.GetMinNonAlphaNumericChars()},
{"sanitizeTinyMce", _globalSettings.SanitizeTinyMce}
}
},
{
"umbracoPlugins", new Dictionary
{
// for each tree that is [PluginController], get
// alias -> areaName
// so that routing (route.js) can look for views
{ "trees", GetPluginTrees().ToArray() }
}
},
{
"isDebuggingEnabled", _hostingEnvironment.IsDebugMode
},
{
"application", GetApplicationState()
},
{
"externalLogins", new Dictionary
{
{
// TODO: It would be nicer to not have to manually translate these properties
// but then needs to be changed in quite a few places in angular
"providers", (await _externalLogins.GetBackOfficeProvidersAsync())
.Select(p => new
{
authType = p.ExternalLoginProvider.AuthenticationType,
caption = p.AuthenticationScheme.DisplayName,
properties = p.ExternalLoginProvider.Options
})
.ToArray()
}
}
},
{
"features", new Dictionary
{
{
"disabledFeatures", new Dictionary
{
{ "disableTemplates", _features.Disabled.DisableTemplates}
}
}
}
}
};
return defaultVals;
}
[DataContract]
private class PluginTree
{
[DataMember(Name = "alias")]
public string Alias { get; set; }
[DataMember(Name = "packageFolder")]
public string PackageFolder { get; set; }
}
private IEnumerable GetPluginTrees()
{
// used to be (cached)
//var treeTypes = Current.TypeLoader.GetAttributedTreeControllers();
//
// ie inheriting from TreeController and marked with TreeAttribute
//
// do this instead
// inheriting from TreeControllerBase and marked with TreeAttribute
foreach (var tree in _treeCollection)
{
var treeType = tree.TreeControllerType;
// exclude anything marked with CoreTreeAttribute
var coreTree = treeType.GetCustomAttribute(false);
if (coreTree != null) continue;
// exclude anything not marked with PluginControllerAttribute
var pluginController = treeType.GetCustomAttribute(false);
if (pluginController == null) continue;
yield return new PluginTree { Alias = tree.TreeAlias, PackageFolder = pluginController.AreaName };
}
}
///
/// Returns the server variables regarding the application state
///
///
private Dictionary GetApplicationState()
{
var version = _runtimeState.SemanticVersion.ToSemanticStringWithoutBuild();
var app = new Dictionary
{
// add versions - see UmbracoVersion for details & differences
// the complete application version (eg "8.1.2-alpha.25")
{ "version", version },
// the assembly version (eg "8.0.0")
{ "assemblyVersion", _umbracoVersion.AssemblyVersion.ToString() }
};
//the value is the hash of the version, cdf version and the configured state
app.Add("cacheBuster", $"{version}.{_runtimeState.Level}.{_runtimeMinifier.CacheBuster}".GenerateHash());
//useful for dealing with virtual paths on the client side when hosted in virtual directories especially
app.Add("applicationPath", _httpContextAccessor.GetRequiredHttpContext().Request.PathBase.ToString().EnsureEndsWith('/'));
//add the server's GMT time offset in minutes
app.Add("serverTimeOffset", Convert.ToInt32(DateTimeOffset.Now.Offset.TotalMinutes));
return app;
}
private string GetMaxRequestLength()
{
return _runtimeSettings.MaxRequestLength.HasValue ? _runtimeSettings.MaxRequestLength.Value.ToString() : string.Empty;
}
}
}